DDoS cyberattacks have skyrocketed this year. Just ask the New Zealand stock exchange

August 31, 2020, 8:15 AM UTC

On Monday, the operator of New Zealand’s stock exchange, NZX, suffered a massive cyberattack for a fifth consecutive trading day. Unlike the previous four incidents, however, NZX managed to maintain trading on its markets.

“NZX has been advised by independent cyberspecialists that the attacks last week are among the largest, most well-resourced, and sophisticated they have ever seen in New Zealand,” said NZX chief executive Mark Peterson.

NZX has been hit by a series of distributed denial of service (DDoS) attacks, in which an attacker overwhelms a website’s servers by repeatedly and rapidly requesting access to the site. The deluge of requests effectively causes the site to shut down.

Although NZX suspended trading on several of its markets on multiple days, the financial impact on investors has been minimal. On Monday the NZ50, New Zealand’s benchmark index, closed 0.6% higher versus the Monday before.

DDoS attacks can be extremely disruptive but are not especially sophisticated. The attack doesn’t suggest a security breach, in which data could be stolen, for example. NZX suspended trading last week only because the attack prevented traders from accessing up-to-date stock information published on NZX’s public-facing website.

“If there was a massive distributed attack, it would act as a load test essentially,” said Juta Gurinaviciute, chief technology officer at NordVPN Teams, an Internet security company. A load test is when web developers request access to a website to see how quickly the servers respond. There are no solutions to DDoS attacks, Gurinaviciute says, “apart from queueing requests and queries to reduce the load.”

On Monday, NZX kept markets open by sharing up-to-date information through alternative platforms. The market operator didn’t provide details on those alternative means, fearing further attacks, but New Zealand Herald reports that a crowd-trading app called Sharesies, for example, has been providing information to traders through a Google doc.

“Any high-profile site should expect a DDoS attack and be prepared for it,” Gurinaviciute said, noting that such attacks have become “increasingly commoditized” by the cybercrime community. Cybercriminals often sell DDoS attacks as an “entry level” service for miscreants looking to cause maximum disruption with minimal know-how, Gurinaviciute says.

According to a report from network security firm Nexusguard, DDoS attacks worldwide increased by more than 278% in the first quarter of the year, compared with the same period in 2019.

Nexusguard attributes the increase in part to the outbreak of the COVID-19 pandemic. With more people working from home, DDoS attacks have become an increasingly efficient way to sow chaos, the report says.

NZX hasn’t provided details on who is perpetrating these attacks, besides noting that the attacks appear to have originated “offshore.” DDoS attacks are often used as a distraction to divert attention from a more sophisticated attack elsewhere, Gurinaviciute says, but “there is no suggestion that this happened in this case.”